package com.twosigma.cook.jobclient.auth.spnego;

import org.apache.http.auth.AuthScheme;
import org.apache.http.impl.auth.SPNegoScheme;
import org.apache.http.impl.auth.SPNegoSchemeFactory;
import org.apache.http.params.HttpParams;
import org.apache.http.protocol.HttpContext;
import org.ietf.jgss.GSSContext;
import org.ietf.jgss.GSSCredential;
import org.ietf.jgss.GSSException;
import org.ietf.jgss.GSSManager;
import org.ietf.jgss.GSSName;
import org.ietf.jgss.Oid;

/* loaded from: input_file:com/twosigma/cook/jobclient/auth/spnego/BasicSPNegoSchemeFactory.class */
public class BasicSPNegoSchemeFactory extends SPNegoSchemeFactory {
    public static final boolean USE_CANONICAL_HOSTNAME = false;
    static final String SPNEGO_OID = "1.2.840.113554.1.2.2";
    private final GSSCredentialProvider _credentialProvider;

    /* loaded from: input_file:com/twosigma/cook/jobclient/auth/spnego/BasicSPNegoSchemeFactory$BasicSPNegoScheme.class */
    private static class BasicSPNegoScheme extends SPNegoScheme {
        private Oid _oid;
        private final GSSCredentialProvider _credentialProvider;

        private synchronized Oid getOID() throws GSSException {
            if (this._oid == null) {
                this._oid = new Oid(BasicSPNegoSchemeFactory.SPNEGO_OID);
            }
            return this._oid;
        }

        private GSSCredential getCredential() {
            if (this._credentialProvider == null) {
                return null;
            }
            return this._credentialProvider.getCredential();
        }

        BasicSPNegoScheme(boolean z, GSSCredentialProvider gSSCredentialProvider) {
            super(z);
            this._credentialProvider = gSSCredentialProvider;
        }

        protected byte[] generateToken(byte[] bArr, String str) throws GSSException {
            byte[] bArr2 = bArr;
            if (bArr2 == null) {
                bArr2 = new byte[0];
            }
            GSSManager manager = getManager();
            GSSName createName = manager.createName("HTTP@" + str, GSSName.NT_HOSTBASED_SERVICE);
            GSSCredential credential = getCredential();
            Oid oid = getOID();
            GSSContext createContext = manager.createContext(createName.canonicalize(oid), oid, credential, 0);
            createContext.requestMutualAuth(true);
            createContext.requestConf(true);
            return createContext.initSecContext(bArr2, 0, bArr2.length);
        }
    }

    public static SPNegoSchemeFactory build(boolean z, GSSCredentialProvider gSSCredentialProvider) {
        return gSSCredentialProvider == null ? new SPNegoSchemeFactory(true) : new BasicSPNegoSchemeFactory(true, gSSCredentialProvider);
    }

    protected BasicSPNegoSchemeFactory(boolean z, GSSCredentialProvider gSSCredentialProvider) {
        super(z);
        this._credentialProvider = gSSCredentialProvider;
    }

    public AuthScheme newInstance(HttpParams httpParams) {
        return new BasicSPNegoScheme(isStripPort(), this._credentialProvider);
    }

    public AuthScheme create(HttpContext httpContext) {
        return new BasicSPNegoScheme(isStripPort(), this._credentialProvider);
    }
}
